Commit Graph

16552 Commits

Author SHA1 Message Date
James Bardin 10f6d7f30f Add locking for s3 state
Use a DynamoDB table to coodinate state locking in S3.

We use a simple strategy here, defining a key containing the value of
the bucket/key of the state file as the lock. If the keys exists, the
locks fails.

TODO: decide if locks should automatically be expired, or require manual
intervention.
2017-01-30 17:16:57 -05:00
James Bardin 35307d5a60 Add remote state locking
In order to provide lockign for remote states, the Cache state,
remote.State need to expose Lock and Unlock methods. The actual locking
will be done by the remote.Client, which can implement the same
state.Locker methods.
2017-01-30 17:16:57 -05:00
James Bardin 6162cde6ff Add basic local state locking
Add the LockUnlock methods to LocalState and BackupState.

The implementation for LocalState will be platform specific. We will use
OS-native locking on the state files, speficially locking whichever
state file we intend to write to.
2017-01-30 17:16:57 -05:00
James Bardin cc0712edab add state.Locker interface
Changed from state.StateLocker to remove the stutter.

State implementations can provide Lock/Unlock methods to lock the state
file. Remote clients can also provide these same methods, which will be
called through remote.State.
2017-01-30 17:16:57 -05:00
Clint be9fc64967 Merge pull request #11530 from hashicorp/b-aws-test-fixes
provider/aws: Handful of Acc configuration tests
2017-01-30 16:13:24 -06:00
clint shryock 2313281eba fix db option group test 2017-01-30 15:48:52 -06:00
Jake Champlin c0c06ee876 Merge pull request #11526 from hashicorp/b-fix-rds-cluster-param-group-tests
provider/aws: Fix AWS RDS Cluster Parameter Group Tests
2017-01-30 16:36:21 -05:00
Jake Champlin 1b713e87b8
provider/aws: Fix AWS RDS Cluster Parameter Group Tests
Fixes `aws_rds_cluster_parameter_group` acceptance tests, which have been broken since aa8c2ac587

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBClusterParameterGroupOnly'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:20:38 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBClusterParameterGroupOnly -timeout 120m
=== RUN   TestAccAWSDBClusterParameterGroupOnly
--- PASS: TestAccAWSDBClusterParameterGroupOnly (15.26s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	15.282s
```

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBClusterParameterGroup_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:22:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBClusterParameterGroup_basic -timeout 120m
=== RUN   TestAccAWSDBClusterParameterGroup_basic
--- PASS: TestAccAWSDBClusterParameterGroup_basic (29.48s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	29.510s
```
2017-01-30 16:28:24 -05:00
Jake Champlin 0ce78077f8 Merge pull request #11524 from hashicorp/b-fix-cloudwatch-log-subscription-filter-test
provider/aws: Fix cloudwatch log subscription filter test
2017-01-30 16:21:00 -05:00
clint shryock 75121fe00e clean up db subnet name collisiosn 2017-01-30 15:19:24 -06:00
clint shryock 7fcbc0495c randomize Beanstalk test name 2017-01-30 15:06:29 -06:00
Jake Champlin c9dd87d03a
provider/aws: Fix cloudwatch log subscription filter test
Fixes `aws_cloudwatch_log_subscription_filter` acceptance tests that had been failing since mid December

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudwatchLogSubscriptionFilter_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:00:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCloudwatchLogSubscriptionFilter_basic -timeout 120m
=== RUN   TestAccAWSCloudwatchLogSubscriptionFilter_basic
--- PASS: TestAccAWSCloudwatchLogSubscriptionFilter_basic (26.34s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	26.364s
```
2017-01-30 16:03:55 -05:00
Mitchell Hashimoto ecae826f82 Update CHANGELOG.md 2017-01-30 12:54:22 -08:00
Mitchell Hashimoto 61881d2795 Merge pull request #10934 from hashicorp/f-provisioner-stop
core: stoppable provisioners, helper/schema for provisioners
2017-01-30 12:53:15 -08:00
Jake Champlin 3c0fdc4764 Merge pull request #11522 from hashicorp/b-fix-asg-schedule-acctests
provider/aws: Fix acceptance tests for autoscaling schedule
2017-01-30 15:47:34 -05:00
Jake Champlin feafe3c0b5
provider/aws: Fix acceptance tests for autoscaling schedule
Fixes acceptance tests for `aws_autoscaling_schedule` resource

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingSchedule_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 14:40:34 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingSchedule_basic -timeout 120m
=== RUN   TestAccAWSAutoscalingSchedule_basic
--- PASS: TestAccAWSAutoscalingSchedule_basic (170.38s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	170.406s
```

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingSchedule_disappears'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 15:00:49 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingSchedule_disappears -timeout 120m
=== RUN   TestAccAWSAutoscalingSchedule_disappears
--- PASS: TestAccAWSAutoscalingSchedule_disappears (179.23s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	179.253s
```
2017-01-30 15:07:10 -05:00
Mitchell Hashimoto 3776d31d69
provisioners/local-exec: remove data race by setting err only once 2017-01-30 10:21:05 -08:00
Ryon 870b85765b Add Google Tag Manager #GTM-NR2SD7C (#11476) 2017-01-30 17:31:28 +00:00
John Engelman 0152a79b90 Closes #11053. Use environment specific client for accessing resources. (#11503)
When using access control, the Rancher global API may return 404 for
resources that exist and are accessible via the environment API.
2017-01-30 17:08:21 +00:00
Mitchell Hashimoto 3e771a674c
terraform: acquire stopCh outside goroutine to ensure in lock 2017-01-30 08:49:07 -08:00
Mitchell Hashimoto 9b17d57332 Update CHANGELOG.md 2017-01-30 08:45:43 -08:00
Mitchell Hashimoto 195d34424e Merge pull request #11482 from hashicorp/f-computed-count
core: allow non-computed data source values in "count"
2017-01-30 08:44:27 -08:00
Mitchell Hashimoto 17cb8d8d8d Merge pull request #11510 from hashicorp/b-plan-config
backend/local: validate module exists for plan
2017-01-30 08:44:06 -08:00
Mitchell Hashimoto 00232f0994
terraform: acquireRun during test to avoid special case logic 2017-01-30 08:41:38 -08:00
Mitchell Hashimoto 5b42781117
terraform: defer unlock of lock in Stop to enure it always unlocks 2017-01-30 08:35:10 -08:00
Traver Tischio 33b43fccdc provider/fastly Adds papertrail logging (#11491)
* Creates papertrail logging resource for fastly

* Adds modification support for fastly papertrail

* Flattens and lists papertrail resources

* Adds testing for fastly papertrail

* Adds papertrail documentation for fastly to the website

* Fixes schema assignment name mistake

* Changes testing hostnames to pass fastly API validation
2017-01-30 16:05:27 +00:00
Paul Stack 5411e7d36b provider/aws: Bump SDK version to 1.6.18 (#11514) 2017-01-30 14:18:29 +00:00
Jake Champlin 9cdd7547e1 Merge pull request #11474 from hashicorp/b-fix-aws-alb-import
provider/aws: Import aws_alb_listener_rule fix
2017-01-30 08:49:24 -05:00
Thomas Schaaf 22cbca240c More complex example for db_event_subscription (#11513) 2017-01-30 12:13:02 +00:00
yn 8ea5d53954 SNS Topic Subscription: import more attributes (#10408) 2017-01-30 11:52:23 +00:00
Dana Hoffman 55ca64a095 provider/google: allow instance group managers in region other than project (#11294) 2017-01-30 11:35:35 +00:00
snakeb1t 747ca75bfe kms CreateKey: retry if arn in policy not yet seen (#11509)
if KMS service doesn't think a resource exists which is listed in
a Key policy, then CreateKey fails. so retry until it's seen
by KMS service.
2017-01-30 11:23:43 +00:00
Mitchell Hashimoto a424203ea3
backend/local: validate module exists for plan
Fixes #11504

The local backend should error if `terraform plan` is called in a
directory with no Terraform config files (same behavior as 0.8.x).
**New behavior:** We now allow `terraform plan -destroy` with no
configuration files since that seems reasonable.
2017-01-29 20:02:12 -08:00
Mitchell Hashimoto 9183be4c83
update master version to 0.9.0-dev 2017-01-29 18:46:18 -08:00
Brad Sickles ea642dd1ee Initial commit from @BSick7:
Implementing vpc_peering_connection_accept.

Additions from @ewbankkit:
Rename 'aws_vpc_peering_connection_accept' to 'aws_vpc_peering_connection_accepter'.
Get it working reusing functionality from 'aws_vpc_peering_connection' resource.
2017-01-29 18:53:01 -05:00
Radek Simko d5ac48de2a helper/schema: Remove missed subfields when parent list is removed (#11498) 2017-01-29 21:15:00 +00:00
Borgstrom ♕ 01a6bd7592 provider/aws: New data provider to decrypt KMS secrets (#11460)
* Add a new data provider to decrypt AWS KMS secrets

* Address feedback

* Rename aws_kms_secrets to aws_kms_secret
* Add more examples to the documentation
2017-01-29 21:01:38 +00:00
Mitchell Hashimoto 3913f06d46 Merge pull request #11502 from hashicorp/b-provisioner-computed
provisioners/chef: check IsComputed for JSON attributes
2017-01-29 12:37:14 -08:00
Paul Stack 4ebd207803 provider/aws: Add support for policy to AWS provider assume_role (#11501)
Fixes: #11461

This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights
2017-01-29 20:32:24 +00:00
Mitchell Hashimoto 5fc516f99d
provisioners/chef: check IsComputed for JSON attributes
Fixes #10788

This checks `IsComputed` prior to attempting to use the JSON
configurations. Due to a change in 0.8, the prior check for simply map
existence would always succeed even with a computed value (as designed),
but we forgot to update provisioners to not do that.

There are other provisioners that also do this but to no ill effect
currently. I've only changed Chef since we know that is an issue.

This issue doesn't affect 0.9 due to helper/schema doing this
automatically for provisioners.
2017-01-29 12:30:44 -08:00
Christoph Blecker c01680b7a9 build: Update travis to go1.7.5 and go1.8rc3 and Vagrantfile to go1.7.5 (#11490)
* Update travis to go1.7.5 and go1.8rc3

* Update Vagrantfile to go1.7.5
2017-01-29 19:39:07 +00:00
julius-bonial 5d8662d5da fix wrong usage of hashicorp/errwrap (#11500)
According to https://github.com/hashicorp/errwrap
'{{err}}' has to be used instead of '%s'

Without this patch, error output from terraform is missing important information:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: %s

With this patch, I get the important information. E.g.:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: AccessDeniedException: User: arn:aws:sts::XYZ:assumed-role/AAA-BBB-CCC/terraform-assuming-role-assume-role-ReadOnly is not authorized to perform: logs:ListTagsLogGroup on resource: arn:aws:logs:us-east-1:XYZ:log-group:logs:log-stream:
2017-01-29 19:19:48 +00:00
Kannan Goundan ab18f60071 provider/ns1/record: Fix "use_client_subnet". (#11368)
The support for "use_client_subnet" was half finished.
- Field was defined in schema.
- ResourceData-to-struct code was present but incorrect.
- struct-to-ResourceData code was missing.

Made the change and verified with manual testing:
1. In NS1 UI, switched "Use Client Subnet" between checked and
   unchecked.
2. In Terraform config file, switched "use_client_subnet" field between
   "true", "false", and omitted.
3. The output of "terraform plan" was as expected in all six cases.
2017-01-29 16:45:13 +00:00
Jake Champlin 96f6044908 provider/aws: ECS Placement constraints fix (#11475)
* fixing AWS ECS placement constraints

* correcting AWS ECS task definition doc

* reverting unnecessary change to resource_aws_ecs_task_definition

* provider/aws: ECS Placement constraints fix

Expands upon #11446 from @bgetsug

Adds:
 - Acceptance Test
 - Improves `nil` check on constraint expression

 Fixes: #10968
2017-01-29 16:42:50 +00:00
Christoph Blecker 061c8cc7ef ip_address is an array and requires the instance number (#11389) 2017-01-29 16:36:57 +00:00
Joe Topjian 5f8dc6cc34 provider/openstack: Remove Default Security Group Rules (#11466)
This commit removes the default security group rules that are automatically
created when a security group is created. These rules are usually
permissive egress rules which makes it difficult to add more strict egress
security group rules.
2017-01-29 16:07:33 +00:00
Alexander 5f94b51eb0 provider/pagerduty: Allow timeouts to be disabled (pagerduty_service) (#11483)
* Vendor update

* Add exists check

* Update test

* Update documentation
2017-01-29 16:06:44 +00:00
Christoph Blecker b5e8d62b14 Fix vet errors in providers (#11496) 2017-01-29 15:59:55 +00:00
Adam Dehnel d17b4ed776 Added example showing multiple principles (#11495) 2017-01-29 15:57:46 +00:00
Lorentzca e98df5d8bc Fix do doc small typo (#11497) 2017-01-29 15:56:13 +00:00